From nobody@FreeBSD.org  Wed Oct  7 15:31:54 2009
Message-Id: <200910071531.n97FVsIt028299@www.freebsd.org>
Date: Wed, 7 Oct 2009 15:31:54 GMT
From: sobotap <>
To: freebsd-gnats-submit@FreeBSD.org
Subject: DHCP server with two interfaces connected to one physical network
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         139405
>Category:       ports
>Synopsis:       net/isc-dhcp30-server: DHCP server with two interfaces connected to one physical network
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 07 15:40:01 UTC 2009
>Closed-Date:    Sat Oct 15 00:13:46 UTC 2011
>Last-Modified:  Sat Oct 15 00:13:46 UTC 2011
>Originator:     sobotap
>Release:        8.0-CURRENT-200809
>Organization:
Warsaw University of Technology
>Environment:
FreeBSD volt.iem.pw.edu.pl 8.0-CURRENT-200809 FreeBSD 9.0-CURRENT #0: Tue Sep 22 13:21:47 CEST 2009     ato@volt.iem.pw.edu.pl:/tmp/obj/usr/src/sys/VOLT  amd64
>Description:
Internet Software Consortium DHCP Server V3.0.1rc12pxe2

sk0:  1.1.1.3 (public IP)
nve0: 10.10.0.3 (private IP)

/etc/dhcpd.conf
---------------

shared-network "xxxx" {
  subnet 1.1.1.0 netmask 255.255.255.0 {
    authoritative;
    option domain-name-servers 1.1.1.3;
    option routers 1.1.1.1;
  }
}

subnet 10.10.0.0 netmask 255.255.0.0 {
  authoritative;
  option routers 10.10.0.3;
  option domain-name-servers 10.10.0.3;
  # unknown clients MAC
  pool {
    allow unknown clients;
    range 10.10.0.100 10.10.0.250;
  }
}

host abcd { hardware ethernet 00:11:22:33:44:55; fixed-address 1.1.1.5; }
host efgh { hardware ethernet 00:22:44:66:88:99; fixed-address 10.10.0.5; }

The DHCP server is listening on sk0 and nve0;
both interfaces are connected to one physical network.

Client abcd (public IP) sends DHCPDISCOVER,
and the DHCP server logs the following information:
**** dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via nve0: network 10.10.0.0/16: no free leases
**** dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via sk0
The DHCP server responds with DHCPOFFER: 1.1.1.5,
and the client sends DHCPREQUEST: 1.1.1.5.
If the DHCP server gets this request first via nve0
and then gets it via sk0,
the DHCP server first sends DHCPNAK and then sends DHCPACK;
in accordance with the RFC, the client starts the DHCP dialogue from the beginning.
Changing the order of the interfaces on which the DHCP server is listening
causes the same problem for client efgh (private IP).

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->jpaetzel 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Oct 7 18:11:03 UTC 2009 
Responsible-Changed-Why:  
Maybe a ports PR? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139405 

From: Josh Paetzel <jpaetzel@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/139405: net/isc-dhcp30-server: DHCP server with two interfaces connected to one physical network
Date: Wed, 7 Oct 2009 12:50:58 -0700

 It seems that this isn't a very good network configuration.  What  
 steps are you taking to prevent ARP leakage for instance?  Before I  
 spend any time sorting out if the problem can be fixed in the DHCP  
 server I'd like to know that there aren't other issues.
 
 Can the separate subnets be put on VLANs to isolate the traffic?
 
 Also, can you provide a valid email address?
 
 
 Thanks,
 
 Josh Paetzel
 
 
 
 

From: Pawel Sobota <sobotap@volt.iem.pw.edu.pl>
To: bug-followup@FreeBSD.org
Cc: Josh Paetzel <jpaetzel@FreeBSD.org>
Subject: Re: ports/139405: net/isc-dhcp30-server: DHCP server with two
 interfaces connected to one physical network
Date: Mon, 12 Oct 2009 00:17:43 +0200 (CEST)

 Maybe it is not a very good network configuration,
 but it has one important advantage.
 Look at the following lines:
 
 /etc/dhcpd.conf
 host host1 { hardware ethernet 00:11:22:33:44:55; fixed-address 1.1.1.5; }
 #host host1 { hardware ethernet 00:11:22:33:44:55; fixed-address 10.10.10.5; }
 
 You can easily decide when the same host
 should have a public or private IP.
 In normal work the laboratory computers do not need a public IP,
 but in special cases, for testing,
 students sometimes need these computers with a public IP.
 I do not understand, why should I prevent ARP leakage?
 
 Thanks,
 Pawel
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Sat Oct 15 00:13:18 UTC 2011 
State-Changed-Why:  

Port has been removed. 


Responsible-Changed-From-To: jpaetzel->dougb 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Sat Oct 15 00:13:18 UTC 2011 
Responsible-Changed-Why:  

I removed it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139405 
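
The symptom described in this PR (one client heard on both interfaces, then a DHCPNAK sent via one interface and a DHCPACK via the other) can be spotted in the server log. The following is an added example, not part of the PR or of ISC DHCP: the two DHCPDISCOVER lines follow the report, the remaining log lines are constructed in dhcpd's syslog style, and `analyze` is a hypothetical helper.

```python
import re
from collections import defaultdict

# Constructed sample log. Only the first two lines come from the report;
# the OFFER/REQUEST/NAK/ACK lines are assumed to follow dhcpd's usual style.
SAMPLE_LOG = """\
dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via nve0: network 10.10.0.0/16: no free leases
dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via sk0
dhcpd: DHCPOFFER on 1.1.1.5 to 00:11:22:33:44:55 via sk0
dhcpd: DHCPREQUEST for 1.1.1.5 from 00:11:22:33:44:55 via nve0
dhcpd: DHCPNAK on 1.1.1.5 to 00:11:22:33:44:55 via nve0
dhcpd: DHCPREQUEST for 1.1.1.5 from 00:11:22:33:44:55 via sk0
dhcpd: DHCPACK on 1.1.1.5 to 00:11:22:33:44:55 via sk0
dhcpd: DHCPDISCOVER from 00:aa:bb:cc:dd:ee via nve0
dhcpd: DHCPOFFER on 10.10.0.100 to 00:aa:bb:cc:dd:ee via nve0
"""

# Message type, client MAC and the interface named after "via".
LINE = re.compile(
    r"dhcpd: (?P<msg>DHCP[A-Z]+) .*?"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}).*? via (?P<ifc>[A-Za-z0-9_.]+)",
    re.I)

def analyze(log_text):
    """Return {mac: finding} for clients heard on more than one interface."""
    heard = defaultdict(set)     # mac -> interfaces that received client messages
    replies = defaultdict(list)  # mac -> [(reply type, interface)] in log order
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg, mac, ifc = m["msg"].upper(), m["mac"].lower(), m["ifc"]
        if msg in ("DHCPDISCOVER", "DHCPREQUEST"):
            heard[mac].add(ifc)
        elif msg in ("DHCPNAK", "DHCPACK"):
            replies[mac].append((msg, ifc))
    findings = {}
    for mac, ifcs in heard.items():
        if len(ifcs) < 2:
            continue  # seen on one interface only: nothing unusual
        nak = {i for t, i in replies[mac] if t == "DHCPNAK"}
        ack = {i for t, i in replies[mac] if t == "DHCPACK"}
        findings[mac] = {
            "interfaces": sorted(ifcs),
            # NAK via one interface and ACK via another: the loop in the report
            "nak_ack_conflict": bool(nak and ack and nak != ack),
        }
    return findings

if __name__ == "__main__":
    for mac, finding in analyze(SAMPLE_LOG).items():
        print(mac, finding)
```

A client that appears in the result with more than one interface indicates that those interfaces share a broadcast domain, which is the condition the VLAN question in the follow-up is aimed at.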
>Unformatted:
